End-of-Shift report
Timeframe: Friday 27-05-2016 18:00 − Monday 30-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Security baseline for Windows Server 2016 Technical Preview 5 (TP5)
Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical ..
https://blogs.technet.microsoft.com/secguide/2016/05/27/security-baseline-for-windows-server-2016-technical-preview-5-tp5/
New Locky ransomware campaign sets sights on Amazon customers
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
http://www.scmagazine.com/new-locky-ransomware-campaign-sets-sights-on-amazon-customers/article/499282/
How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware
Background Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence ..
https://www.alienvault.com/blogs/security-essentials/how-attackers-use-a-flash-exploit-to-distribute-crimeware-and-other-malware
VMSA-2016-0005.2
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
Security Advisory: Stored XSS in Jetpack
During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The ..
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-16-361/
ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-360/
Microsoft equips Windows 10 with dual virus protection
http://derstandard.at/2000037805637
After LinkedIn, data leak at MySpace as well
The LinkedIn hacker claims to also hold 360 million e-mail addresses of MySpace users and ..
http://futurezone.at/digital-life/nach-linkedin-datenleck-auch-bei-myspace/201.396.487
Duqu 2.0 kernel exploitation technique analysis (part 1 of 2)
Out of the multiple components used in the sophisticated Duqu 2.0 cyberespionage attack, we had a chance to look into one of the kernel exploits used for its ..
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%e2%80%8bduqu-2-0-kernel-exploitation-technique-analysis-part-1-of-2/
CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
All existing releases of GraphicsMagick and ImageMagick support a file open syntax where if the first character of the file specification is a |, then the remainder of the filename is passed to the shell for execution using the ..
http://permalink.gmane.org/gmane.comp.security.oss.general/19669
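The advisory above describes a filename syntax, not a shell-quoting bug: ImageMagick/GraphicsMagick themselves hand a name that starts with `|` to popen(), so passing arguments as an argv list (no shell) does not help if the name itself is attacker-controlled. The following is an added example written for this report, not code from the advisory or from either project, showing how a web application that forwards user-supplied file names to `convert` can reject the dangerous form before the tool ever sees it. The function names, the regex and the `/var/uploads` directory are assumptions for illustration.

```python
import os
import re
import subprocess

# Hypothetical validator for an application that passes user-chosen file names
# to ImageMagick/GraphicsMagick.  Added example, not the projects' own code.

# Plain basename: alphanumeric first character, then a conservative set.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def is_safe_image_name(name: str) -> bool:
    """Return True only for names that cannot reach the popen() path.

    Rejects a leading '|' (the syntax the advisory describes), and more
    generally anything that is not a simple basename: empty strings, NUL
    bytes, path components (traversal) and a leading '-' (would be parsed
    as an option by the convert command line).
    """
    if not name or "\x00" in name:
        return False
    if name[0] == "|":
        # Advisory: remainder of the name would be executed by the shell.
        return False
    if name != os.path.basename(name):
        # Contains directory components; never let the user pick the path.
        return False
    return bool(SAFE_NAME.match(name))


def convert_command(upload_dir: str, name: str, out_name: str) -> list:
    """Build argv for `convert` after validation; never a shell string.

    Joining a trusted, absolute directory in front of the validated basename
    also guarantees the string ImageMagick receives does not start with '|',
    independent of the validator.
    """
    if not (is_safe_image_name(name) and is_safe_image_name(out_name)):
        raise ValueError("refusing unsafe file name")
    src = os.path.join(upload_dir, name)
    dst = os.path.join(upload_dir, out_name)
    return ["convert", src, "-resize", "128x128", dst]


def run_convert(upload_dir: str, name: str, out_name: str) -> None:
    """Execute the validated command without a shell (assumes convert is installed)."""
    subprocess.run(convert_command(upload_dir, name, out_name), check=True)


if __name__ == "__main__":
    # Constructed inputs: one benign name, one in the advisory's '|' form.
    for candidate in ("cat.png", "|id > /tmp/pwned"):
        print(repr(candidate), "->", "accepted" if is_safe_image_name(candidate) else "rejected")
```

Stronger still is to never use the client-supplied name at all: store uploads under a server-generated name and pass only that to the tool. The validator is the fallback for code paths where the original name has to survive.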
breaking into a wordpress site without knowing wordpress/php or infosec at all
This is a post about how I tried and broke into my college's wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, ..
https://notehub.org/5zo2v
Saudi Arabia said to have launched cyberattacks against Iran
http://derstandard.at/2000037865736
Microsoft takes action against passwords that are too simple
In future, users of Azure and other services are to receive warnings when their password ..
http://derstandard.at/2000037866342
Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an ..
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Attackers capture user data from sz-magazin.de
An unauthorized person gained unlawful access to a database server of SZ-Magazin in mid-May.
http://heise.de/-3222586
Background: Revoking certificates - how it's done
Topsy-turvy world -- to block a certificate, you first have to install it. With the following guide ..
http://heise.de/-3222308
On World No Tobacco Day: BSI warns of malware in e-cigarettes
Those who smoke e-cigarettes spare their lungs the tar but put their computer's health at risk - at least if the e-cigarette is charged via USB.
http://www.golem.de/news/zum-weltnichtrauchertag-bsi-warnt-vor-malware-in-e-zigaretten-1605-121180.html